Cybersecurity

CVE Vulnerability Alerts
CVE-2026-53359 Januscape: 16-Year KVM Flaw Enables VM Escape
CVE-2026-53359 Januscape is a 16-year-old Linux KVM use-after-free that allows guest VM escape to the host on Intel and AMD systems. Patches are available.
Cybersecurity
Operation DragonReturn: DcRAT Targets India Tax Professionals
China-nexus Operation DragonReturn deploys DcRAT via a cloned Indian tax utility, targeting tax professionals and accountants during India's filing season.
Cybersecurity
UK Cyber Resilience Pledge Draws 60 Signatories, Including Capita
UK Technology Secretary Liz Kendall launched the Cyber Resilience Pledge with 60 signatories, including Capita, despite its ICO fine for a ransomware breach.
Cybersecurity
CSE Admits Hacking Ransomware Gangs and Deleting Stolen Victim Data
Canada's CSE confirmed offensive cyber operations against ransomware gangs, including destroying a gang's full infrastructure and deleting stolen victim data.
Application Security
GitLost Prompt Injection Leaks Private GitHub Repos via Public Issues
Noma Security's GitLost technique tricks GitHub Agentic Workflows into leaking private repository contents via public issue comments, with no patch available.
Application Security
WriteOut Flaw Let Attackers Hijack Any Writer AI Enterprise Account
Sand Security found a one-click session isolation flaw in Writer AI letting attackers access any enterprise tenant's private models, credentials, and documents.
Cybersecurity
Japan Arrests Teen Who Used ChatGPT to Cancel 46,812 Bandai Accounts
Tokyo police arrested a 15-year-old who used ChatGPT to generate attack code that canceled 46,812 Bandai Channel streaming accounts in under four hours.
Application Security
BeyondTrust CVE-2026-40138 Auth Bypass Left Self-Hosted Users Exposed
BeyondTrust patched a CVSS 9.2 auth bypass in Remote Support and PRA for SaaS users months ago but withheld notice from self-hosted operators until July ...
CVE Vulnerability Alerts
CERT/CC Finds Hidden Admin Backdoor CVE-2026-11405 in Tenda Firmware
CERT/CC disclosed CVE-2026-11405, a hidden backdoor in Tenda router firmware granting unauthenticated full admin access. No vendor patch is available.
Application Security
Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release
Adobe ColdFusion CVE-2026-48282 (CVSS 10) moved from PoC release to confirmed in-the-wild exploitation in under two hours, according to KEVIntel honeypot data.